    Product Overview and Insight: Styra Software

    eWEEK PRODUCT OVERVIEW & INSIGHT: Styra enables enterprises to define, enforce and monitor policy across their cloud-native environments.

    By CHRIS PREIMESBERGER - February 23, 2021

      Company: Styra, the company behind Open Policy Agent (OPA) and a pioneer in cloud-native authorization.

      Company description: Styra is a privately held, venture-backed company based in Redwood City, Calif., that was founded in 2015 and is led by CEO Bill Mann.

      Styra enables enterprises to define, enforce and monitor policy across their cloud-native environments. With a combination of open-source (Open Policy Agent) and commercial solutions (Declarative Authorization Service), Styra provides security, operations and compliance guardrails to protect applications, as well as the infrastructure on which they run. Styra policy-as-code solutions let developers, DevOps and security teams mitigate risks, reduce human error and accelerate application development. OPA was initially proven out at scale by the likes of Netflix, Capital One, Atlassian, Pinterest and others. Two years later, it has reached the point of over 1 million downloads per week.

      Styra DAS, built on OPA, provides a single control plane for authorization both within applications and for the infrastructure they run upon. OPA and Styra DAS work together to solve typical entitlements/authorization problems for enterprises. For example, enterprise development teams typically build siloed policy in multiple places, use different languages to codify authorization, and have infrastructure policy that is typically unrelated to app policy. OPA and Styra DAS overcome these issues by providing developers with a common policy language, toolset and framework for policy across the cloud-native stack. OPA adds context-aware policy evaluation to tightly control exactly what the proxies allow or deny, and does so with the same policy language and tooling used for all authorization decisions. Styra DAS provides the authoring, distribution, impact analysis, monitoring and audit controls for that policy.

      Developers, DevOps and platform engineering teams have proven OPA and Styra DAS in production to mitigate risk, reduce human error and accelerate application development in today’s dynamic multi-cloud world with Kubernetes, Envoy, Terraform, Kafka and more.

      International operations: The company has support in Europe.

      Products and Services

      Styra Declarative Authorization Service (DAS) is the company’s turnkey enterprise security solution built on OPA, the open-source project that recently graduated from the Cloud Native Computing Foundation (CNCF).

      OPA has moved from a CNCF incubating project to a graduated one. CNCF announced the graduation in February 2021.

      Key benefits:

      • Consistent, unified authorization logic across services: Styra DAS enables teams to remove custom logic from the app so developers can focus on more critical, differentiated features. Services don’t need to maintain awareness of requests or contain logic for evaluating access rules.
      • Verify before enforcement with impact analysis: Styra DAS allows you to pre-run policies to see their impact before deployment. Compare changes against historical data, to see what would have been different if the updates had been made. Put rules into monitor-only mode to see where violations occur.
      • Manage and distribute policy at scale: Styra DAS manages authorization policy across services and proxies with a single management and control plane. Policies are enforced locally, and updated centrally, for comprehensive compliance and security. Ensure authorization policy is enforced across services, without custom policy logic.
      • Customizable, context-aware policies: Styra DAS lets DevOps and Development teams incorporate context from authentication tokens, the data being requested, the APIs making requests, and more to meet business requirements, and end brittleness.

      Key features:

      • Rego Policy Builder provides a streamlined, graphical, purpose-built, point-and-click policy interface for OPA authorization rules. This visualization of policy-as-code enables DevOps, security and compliance teams to:
        • Take advantage of the speed and security of OPA, without investing up-front time to learn all the details of Rego, its custom policy language.
        • Speed development of sophisticated security, compliance and operational rules for modern cloud-native applications.
        • More easily communicate across teams to prove that security is in place, and built as intended.
      • Support for microservices and service mesh: With authorization for microservices, Styra DAS helps operationalize the service mesh by controlling what APIs can be executed on what services, both on ingress and egress. As companies increase deployments and software scales to customer demands, these controls are critical in ensuring cloud-native applications adhere to data privacy and compliance regulations, as well as risk mitigation.
      • Support for mutating webhooks and pod security policies: Support for Kubernetes mutating webhooks enables Styra policies to go beyond “allow or deny,” to automatically append, update or add relevant parameters to ensure workloads are compliant before they reach production. Support for these Admission Controllers means Styra DAS can automatically remediate problems that would otherwise result in blocked workloads and manual review. The Pod security policies (PSP) pack extends the existing best practices and PCI DSS 3.2 policy packs, all of which eliminate the need to research, identify and implement baseline guardrails/policies for Kubernetes. With best-practice guardrails in place from the start, human error and missteps that delay projects, slow delivery and introduce risk are eliminated.

      Insight and Analysis

      The New Stack has an insightful article from November 2020 on OPA by Steven J. Vaughan-Nichols, one of the industry’s best open-source software reporters and analysts. Highlights:

      “Long, long before we were coding policy enforcement into our clouds, we tried to code it into our programs. Most of the answers we created were hard-coded, difficult to maintain, and nigh unto impossible to update. But, in 2016, Open Policy Agent (OPA, pronounced “oh-pa”) for cloud native environments was created, and policy enforcement in code became much more practical. Now, its developers, under their company, Styra, have announced a new three-tier product offering for Styra Declarative Authorization Service (DAS).”

      “OPA is an open source, general-purpose policy engine that unifies policy enforcement across the stack. You write these policies in its high-level declarative language Rego, which, in turn, is based on the old Prolog-based Datalog query language. With Rego, you can specify policy as code and create simple APIs to offload policy decision-making from your software. You can then use OPA to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more.

      “OPA has been used for creating Kubernetes access policies; setting up cloud security policies; Netflix uses OPA to control internal API resources access; Chef uses it to provide Identity and Access Management (IAM) capabilities in its end-user products.

      “OPA is also a Cloud Native Computing Foundation (CNCF) incubator project. There it averages a rather amazing 1 million downloads a week.

      “Styra’s not the only one singing its approach’s praises. According to the Gartner report, Market Guide for Compliance Automation Tools in DevOps, “As organizations migrate workloads to the cloud or move from virtualized to containerized environments, I&O leaders must evaluate existing tools that protect cloud and container-based infrastructure. These tools enable enforcing infrastructure compliance policies to minimize configuration-related risks. Opportunities exist for the orchestration of policies over distinct agile infrastructure environments. Specifically, the OPA open source initiative has started to emerge as a source for an ecosystem of startups building enterprise capabilities over OPA.”

      “You can see for yourself what all the fuss is about with the new DAS Free. This is a completely free, self-service option for up to two clusters or 10 nodes to streamline the adoption process. For teams with larger production scale needs, DAS Pro offers a clear and transparent pricing model, for up to 50 nodes, to protect and manage Kubernetes clusters as they grow from initial testing/deployment to full production environments. Finally, DAS Enterprise gives teams unlimited OPA deployments and rules with around the clock support. Regardless of the version, all have access to the same management plane, policy libraries, impact analysis, monitoring, and decision logging.

      “These new editions will benefit any number of teams beginning their Kubernetes journey,” said Tim Hinrichs, co-creator of OPA and Styra’s CTO. “It will also help platform engineers new to OPA who want to deploy community best practices immediately without custom coding. Ultimately, this will help lessen the burden for anyone who needs to monitor, validate and test Kubernetes admission control with OPA.”

      List of current customers: Frontdoor, SugarCRM

      Other key players in this market: Aqua, Sysdig, StackRox, Tigera, Oso Security, Magalix, PlainID (Note: Styra is the only solution to define, enforce and monitor policy rules before runtime)

      Delivery: SaaS or on-premises

      Pricing

      Styra offers a three-tier product offering for Styra Declarative Authorization Service (DAS). The DAS Free, DAS Pro and DAS Enterprise editions give teams of any size and stage a budget-friendly and fast option to operationalize OPA at scale for Kubernetes. Platform engineers and teams can now deploy DAS in just minutes and have access to more than 100 built-in policies, as well as full enterprise-grade monitoring, impact analysis and decision logging. These new offerings enable a self-service experience and eliminate the need for learning and custom coding OPA policies for Kubernetes admission control.

      Platform engineers are able to get started with DAS Free, a completely free, self-service option for up to two clusters or 10 nodes to streamline the adoption process. For teams with larger production scale needs, DAS Pro offers a clear and transparent pricing model, for up to 50 nodes, to protect and manage Kubernetes clusters as they grow from initial testing/deployment to full production environments. DAS Enterprise gives teams an edition that supports unlimited OPA deployments and rules with around the clock support.

      Customers of Styra DAS Free (free), Pro ($70 per node per month) and Enterprise (contact for demo and pricing) all have access to the same management plane, policy libraries, impact analysis, monitoring and decision logging.

      Contact information for potential customers: https://www.styra.com/

      Request a demo: https://registration.styra.com/requestademo

      Also available via Amazon Marketplace.

      ———————————————————————————————

      eWEEK is building an IT products and services section that encompasses most of the categories that we cover on our site. In it, we will spotlight the leaders in each sector, which include enterprise software, hardware, security, on-premises-based systems and cloud services. We also will add promising new companies as they come into the market.
